Attackers have begun to probe a new authentication bypass in PraisonAI.
Attackers began probing a newly disclosed authentication‑bypass flaw in PraisonAI less than four hours after it was publicly revealed. The vulnerability stemmed from a legacy Flask API server shipped without authentication in versions 2.5.6 to 4.6.33, allowing unauthenticated access to agent metadata and workflow triggers. Early activity appeared to be automated scanning rather than full exploitation, focusing on enumerating vulnerable endpoints.
Read more:
https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/